bin/logstash -f /opt/logstash-8.9.0/config/conf.d/pipe.conf
[2024-06-13T12:42:19,876][INFO ][logstash.outputs.opensearch][main][91823b58f6fb0958c7671051e63dcf1ae4101824338810d25e044a5a52cd36e4] Retrying failed action {:status=>429, :action=>["index", {:_id=>nil, :_index=>"rpmappserver-01ribbideo_logs", :routing=>nil}, {"event"=>{"original"=>"10.30.1.132 - - [10/Sep/2023:01:00:02 -0700] "GET /rx/api/config HTTP/1.1" 200 2\n"}, "message"=>"10.30.1.132 - - [10/Sep/2023:01:00:02 -0700] "GET /rx/api/config HTTP/1.1" 200 2\n", "@version"=>"1", "type"=>"s3", "@timestamp"=>2024-06-13T12:40:10.852904110Z}], :error=>{"type"=>"cluster_block_exception", "reason"=>"index [rpmappserver-01ribbideo_logs] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];"}}
[logstash.outputs.opensearch][main][91823b58f6fb0958c7671051e63dcf1ae4101824338810d25e044a5a52cd36e4] Retrying individual bulk actions that failed or were rejected by the previous bulk request {:count=>125}
cd /opt/logstash-8.9.0/config/conf.d
vi pipe.conf
input {
s3 {
access_key_id => "AKIAUNWJFISALFXWOPVQ"
secret_access_key => "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"
bucket => "serverlogs-01backup"
region => "us-west-2"
type => "s3"
prefix => "appserver/rpmappserver-01/ribbideo_logs/"
interval => 60
}
s3 {
access_key_id => "AKIAUNWJFISALFXWOPVQ"
secret_access_key => "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"
bucket => "serverlogs-01backup"
region => "us-west-2"
type => "s3"
prefix => "appserver/rpmappserver-01/tomcat8_logs/"
interval => 60
}
}
filter {
Add any necessary filters here to parse or enrich your data
}
output {
opensearch {
hosts => ["https://localhost:9200"]
index => "rpmappserver-01ribbideo_logs"
user => "admin"
password => "admin"
ssl_certificate_verification => false
}
opensearch {
hosts => ["https://localhost:9200"]
index => "rpmappserver-01tomcat8_logs"
user => "admin"
password => "admin"
ssl_certificate_verification => false
}
}